Hosted MTA-STS & TLS-RPT
Step 1: The first step to start with your PowerMTA-STS and TLS-RPT deployment would be to sign up with PowerDMARC to gain access to the PowerDMARC control panel.
After signing in, the first view available to you would be of the PowerDMARC dashboard.
Step 2: On the left-hand side menu displaying the various features, navigate to and click on the PowerMTA-STS tab under “Hosted Services”
Step 3: Add your domains by clicking on + Add Domain button at the top of the PowerMTA-STS page (If you haven’t added your domain already). Make sure you add only one domain per line.
Step 4: Add your desired domain in the blank box provided below and click on the Add Domains button to save changes.
Step 5: You can now view your registered active domains on the PowerMTA-STS page by cascading the Domain drop-down menu, like shown below:
Step 6: After clicking on your desired domain, the page will open to display all the current MTA-STS record configurations for that domain, as shown below:
If you don’t have MTA-STS or TLS-RPT enabled for your domain, the displayed page would look something like this:
Step 7: In order to deploy MTA-STS and enable TLS-RPT for your domain, all you need to do is simply navigate to the right-side of this screen and publish the 3 CNAME records that have already been automatically generated for you, in your domain’s DNS.
Note: The 1st CNAME record for MTA-STS is a DNS record to configure MTA-STS for your domain. The 2nd CNAME record points to the server that is hosting your MTA-STS policy file. Finally, the 3rd CNAME record is a DNS record to enable SMTP TLS reporting for your domain.
Step 8: After publishing the 3 CNAME records in your DNS, you can go ahead and validate your records to confirm that they have been implemented correctly by clicking on Validate MTA-STS Record.
Step 9: Once you click on Validate MTA-STS Record there will be a prompt appearing on your screen asking you if you’re sure that you want to generate and host the policy file for MTA-STS and the TLS certificate. Click on Continue progress to complete the process.
Step 10: A prompt will show that the process for generating the MTA-STS policy file and TLS certificate has been initiated. Click on Got it to continue. Note that this might take up to 60 minutes.
Step 11: Now all you need to do is wait till your screen is loading and files are being hosted and generated in the background.
Step 12: Once done, the screen will automatically refresh to show you the MTA-STS configurations for your domain. Shown below is the example of a domain that has MTA-STS successfully configured for it:
On the page, you will be able to see the DNS TXT record for MTA-STS that is published in the DNS of your domain. If your MTA-STS DNS TXT record is valid, you will see a Yes status displayed adjacent to it. Similarly, you can check the validity and accessibility of your MTA-STS policy file on the page, as shown below:
You can click on the URL provided for your hosted MTA-STS policy file to access the live policy file, as shown below:
Your hosted policy file would look something like this when you click on the URL to view it:
Changing Your MTA-STS Policy Mode
Step 1: To change your MTA-STS policy mode, all you need to do is navigate to Mode and select your desired mode from the cascading menu.
Step 2: On selecting your desired mode you can simply refresh your live policy file to see the changes being reflected on it as shown below:
Now coming to TLS-RPT, you should be able to see the TLS DNS TXT record that is published on your domain’s DNS along with the validity status of your record, as shown below:
Adding an Email Address for Your TLS Aggregate Reports
You will find that the email address to which you want your generated TLS aggregate reports to be sent to, is already being displayed in the Aggregate (RUA) Report email addresses as shown below:
Step 1: To add another email address all you need to do is type in your desired address in the Add Email section and click on Save, as shown below:
Note: It might take up to 15 minutes for the changes to be applied.
Step 2: Once the changes are effective, you will be able to see the new email address you added being displayed on your TLS DNS TXT record as well:
- Standard Email Protocols: SMTP, POP3 & IMAP Free4 m
- What is Email Security? Free4 m
- Email Security Practices Free4 m
- Building an Email Security Compliance Model Free5 m
- Corporate Email Security Checklist Free3 m 30 s
- What is the difference between Inbound email security and outbound email security? Free4 m
- What is Information Security? Free4 m
- Zero Trust Security Model Free3 m
- What is SPF Alignment? Free3 m
- How to Set Up Microsoft Office 365 SPF record? Free4 m
- How to Set Up Google Workspace SPF Record? Free2 m
- How to Set Up MailChimp SPF Record? Free3 m
- How to Set Up SendGrid SPF Record? Free2 m
- How to Set Up Salesforce SPF Record? Free3 m
- How to Setup Zoho Mail SPF Record? Free2 m
- What is DMARC Compliance? Free2 m
- The Benefits of DMARC Free2 m
- DMARC Configuring Free3 m
- Achieving DMARC Enforcement Free2 m
- DMARC Vs Antispam Solutions Free2 m
- DMARC Identifier Alignment Free2 m
- DMARC sp Tag Exceptions & Uses Free1 m
- Configuring DMARC without DKIM Free3 m
- Configuring DMARC without SPF Free2 m
- DMARC Aggregate Report Views Free3 m
- Video - PowerDMARC Aggregate Reports Free2 m 13 s
- DMARC Forensic Report Views Free2 m
- Video - PowerDMARC Forensic Reports Free
- DMARC Forensic PGP Encryption and Decryption Free2 m
- TLS Report Views Free3 m
- Video - PowerDMARC TLS Reports Free
- PDF/CSV Reports Free2 m
- Video - PowerDMARC PDF/CSV Reports Free1 m 1 s